PCWorks: Windows Vista Firewall Teredo Blocking Rule Security Bypass

THIRD attempt at posting these!!



TITLE:
Windows Vista Firewall Teredo Blocking Rule Security Bypass

SECUNIA ADVISORY ID:
SA26001

VERIFY ADVISORY:
http://secunia.c
om/advisories/26001/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
>From remote

OPERATING SYSTEM:
Microsoft Windows Vista
http://secunia.com/
product/13223/

DESCRIPTION:
A security issue has been reported in Windows Vista, which
can
be
exploited by malicious people to bypass certain security
restrictions.

The problem is caused due to an error in the handling of
the
Teredo
transport mechanism resulting in network traffic being
handled
incorrectly though the Teredo interface. This may result in
certain
firewall rules being bypassed.

Successful exploitation may disclose certain information
about
a
system and its existence, but requires that the system's
network
profile is not set to "Public" and that a user
e.g. is tricked
into
clicking a specially crafted link.

SOLUTION:
Apply patches.

Windows Vista:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=e9b64746-6afa-4a30-833
d-e058e000c821

Windows Vista x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=0df5d190-3ad7-42d5-862
9-43c47ec450cb

ORIGINAL ADVISORY:
MS07-038 (KB935807):
http://www.microsoft.com/technet/security/Bullet
in/MS07-038.mspx

Symantec:
http://www.symantec.com/content/en/u
s/enterprise/research/SYMSA-2007-005.txt
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

All those came through yesterday, Clint.

Ben Moore 

-----Original Message-----
From: owner-pcworksimagicomm.com [mailto:owner-pcworksimagicomm.com] On
Behalf Of Clint - OrpheusComputing.com &
ComputersCustomBuilt.com
Sent: Thursday, July 12, 2007 11:55 AM
To: PCworksimagicomm.com
Subject: PCWorks: Windows Vista Firewall Teredo Blocking
Rule Security
Bypass

THIRD attempt at posting these!!
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

THIRD! Time they've appeared in my mail box!
And they were unnecessary the first time.


Clint - OrpheusComputing.com & ComputersCustomBuilt.com
wrote:
> THIRD attempt at posting these!!
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

You really need to work on your "people skills".

A simple, personal, "Clint, they're showing up"
would have 
sufficed.

Just because you find something "unnecessary"
doesn't mean ALL 
OTHERS will.  If they are not for you, then DELETE them.
-Clint

God Bless
Clint Hamilton, Owner
http://www.OrpheusCo
mputing.com/
http://www.Comput
ersCustomBuilt.com
http://Computer-Hardware-Sales-Consumer-Electronics
-Sales.com

----- Original Message ----- 
From: "Hugh Vandervoort"

THIRD! Time they've appeared in my mail box!
And they were unnecessary the first time.


Clint - OrpheusComputing.com & ComputersCustomBuilt.com
wrote:
> THIRD attempt at posting these!!
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

We're talking about computer skills, Clint, not people
skills. I'm sure 
you realize that you do this time and time again. I'm very
surprised you 
haven't figured out the reason for these multiple and
repetitive posts, 
not to mention the complaints about posting attempts that
accompany them.
As for copying and pasting information that's readily
available 
elsewhere, I don't see the value.
Anyone who wants this info can get on the Secunia mailing
list.
http:
//secunia.com/secunia_security_advisories/



Clint - OrpheusComputing.com & ComputersCustomBuilt.com
wrote:
> You really need to work on your "people
skills".
> 
> A simple, personal, "Clint, they're showing
up" would have 
> sufficed.
> 
> Just because you find something "unnecessary"
doesn't mean ALL 
> OTHERS will.  If they are not for you, then DELETE
them.
> -Clint
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

No I was talking about *your* "people skills"
(lack of 
diplomacy and confrontational attitude).

1.  I send an email to the list, and after a day or two, I 
never see it posted.
2.  I receive OTHER email from the list.
3.  I CAN send said emails to myself with no problem, so
it's 
nothing in the email that's blocked.
3.  The posts DO NOT show up in the archives.

The logical conclusion from those 4 facts, is that they are
not 
going to the list.  Obviously, I now know that is wrong, but

the logic cannot be faulted, it's a sensible conclusion I 
deduced from those 4 facts, as anyone else would.

We've been through this crap before.  The consensus was that

members WANT the vulnerability alerts posted.  They do NOT
have 
to subscribe to the alerts and have to sift through
sometimes a 
hundred of the alerts each day to find alerts that pertain
to 
Windows or members' commonly used software; or, have to
search 
elsewhere for the information.  It should go without saying,

and sensible, that having the **APPROPRIATE** alerts sent to

their inboxes via this list is FAR MORE convenient than
having 
to subscribe to **another** list and delete ~100 unneeded 
alerts a day.  It's called "helping".

Like I've said before, no good deed goes unpunished.  So I'm

not posting them anymore simply because I'm sick of your 
b!tching.  Happy now?

So you're on your own now members.  Many have no problem
with 
that, but, some WILL.  Subscribe, and read through dozens
and 
dozens and dozens of these daily alerts to find the ones for
M$ 
products, FireFox, etc., and *YOU* figure it out if you need

them or not.
-Clint

Clint Hamilton, Owner
http://www.OrpheusCo
mputing.com/
http://www.Comput
ersCustomBuilt.com
http://Computer-Hardware-Sales-Consumer-Electronics
-Sales.com

----- Original Message ----- 
From: "Hugh Vandervoort"

We're talking about computer skills, Clint, not people
skills. 
I'm sure
you realize that you do this time and time again. I'm very 
surprised you
haven't figured out the reason for these multiple and 
repetitive posts,
not to mention the complaints about posting attempts that 
accompany them.
As for copying and pasting information that's readily
available
elsewhere, I don't see the value.
Anyone who wants this info can get on the Secunia mailing
list.
http:
//secunia.com/secunia_security_advisories/



Clint - OrpheusComputing.com & ComputersCustomBuilt.com
wrote:
> You really need to work on your "people
skills".
>
> A simple, personal, "Clint, they're showing
up" would have
> sufficed.
>
> Just because you find something "unnecessary"
doesn't mean 
> ALL
> OTHERS will.  If they are not for you, then DELETE
them.
> -Clint
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

Clint, when you do post the updates from Secunia, how do you
do them?

When I make a a post from a Secunia update I first get the
summary in an 
RSS feed which contains the link to the page at Secunia. I
then copy and 
paste the report from the page into a new message in
Thunderbird, clean 
it up a bit and send it in.

They always show up on the list and eventually in the
archives too. I 
just posted one about the Sun JRE report and it made it to
the list fine 
and quickly too and I'm sure the archives will have it soon
as well.

So, how do you post these reports to the list? Maybe we can
work out a 
resolution?

Peter Kaulback

Clint - OrpheusComputing.com & ComputersCustomBuilt.com
wrote:
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

Hey Peter.  Yes, *yours* is in the archives but not mine. 
No, 
the only one of mine that made it to the archives to this
day 
is "'Highly critical' Vulnerability-Firefox
"firefoxurl" URI 
Handler Registration".  None of the others ever made
it.  The 
posts about the Vista firewall are all replies and not the 
original post.
http://www.mail-a
rchive.com/pcworksimagicomm.com/

I'm simply emailed the alerts then I just forward the 
appropriate ones to the list.  You're method seems like a
lot 
of unnecessary work.  
Clicking "Forward" in OE and cleaning 
them up seems easier and faster.  Thanks for asking. 
There's 
been a problem with the archives for a long time now and
it's 
anyone's guess as to what the problem is.
-Clint

God Bless
Clint Hamilton, Owner
http://www.OrpheusCo
mputing.com/
http://www.Comput
ersCustomBuilt.com

----- Original Message ----- 
From: "Peter Kaulback"


Clint, when you do post the updates from Secunia, how do you
do 
them?

When I make a a post from a Secunia update I first get the 
summary in an
RSS feed which contains the link to the page at Secunia. I
then 
copy and
paste the report from the page into a new message in 
Thunderbird, clean
it up a bit and send it in.

They always show up on the list and eventually in the
archives 
too. I
just posted one about the Sun JRE report and it made it to
the 
list fine
and quickly too and I'm sure the archives will have it soon
as 
well.

So, how do you post these reports to the list? Maybe we can

work out a
resolution?

Peter Kaulback
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

It is odd there is no discernible difference in your
postings from mine 
save for some x-headers in yours and the "flowed"
text formatting in mine.

The archives have always been a problem I know. A lot of
lists I am on 
have switched to the Mailman archive system but that uses
Google to 
search it out and some have an issue with that.

Well maybe Marlene will switch to another service, who
knows?

Happy posting!

Peter Kaulback

Clint - OrpheusComputing.com & ComputersCustomBuilt.com
wrote:
> Hey Peter.  Yes, *yours* is in the archives but not
mine.  No, 
> the only one of mine that made it to the archives to
this day 
> is "'Highly critical' Vulnerability-Firefox
"firefoxurl" URI 
> Handler Registration".  None of the others ever
made it.  The 
> posts about the Vista firewall are all replies and not
the 
> original post.
> http://www.mail-a
rchive.com/pcworksimagicomm.com/
> 
> I'm simply emailed the alerts then I just forward the 
> appropriate ones to the list.  You're method seems like
a lot 
> of unnecessary work.  
Clicking "Forward" in OE and cleaning 
> them up seems easier and faster.  Thanks for asking. 
There's 
> been a problem with the archives for a long time now
and it's 
> anyone's guess as to what the problem is.
> -Clint
> 
> God Bless
> Clint Hamilton, Owner
> http://www.OrpheusCo
mputing.com/
> http://www.Comput
ersCustomBuilt.com
> 
> ----- Original Message ----- 
> From: "Peter Kaulback"
> 
> 
> Clint, when you do post the updates from Secunia, how
do you do 
> them?
> 
> When I make a a post from a Secunia update I first get
the 
> summary in an
> RSS feed which contains the link to the page at
Secunia. I then 
> copy and
> paste the report from the page into a new message in 
> Thunderbird, clean
> it up a bit and send it in.
> 
> They always show up on the list and eventually in the
archives 
> too. I
> just posted one about the Sun JRE report and it made it
to the 
> list fine
> and quickly too and I'm sure the archives will have it
soon as 
> well.
> 
> So, how do you post these reports to the list? Maybe we
can 
> work out a
> resolution?
> 
> Peter Kaulback
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================